Merge pull request #3046 from sarchar/lockedpage-change

gavinandresen · gavinandresen · commit 34f72ad6efb5 · 2013-10-20T16:14:26.000-07:00
Changing LockedPageManager to use a managed instance
diff --git a/src/allocators.cpp b/src/allocators.cpp
@@ -24,6 +24,9 @@
 #include <unistd.h> // for sysconf
 #endif
 
+LockedPageManager* LockedPageManager::_instance = NULL;
+boost::once_flag LockedPageManager::init_flag = BOOST_ONCE_INIT;
+
 /** Determine system page size in bytes */
 static inline size_t GetSystemPageSize()
 {
diff --git a/src/allocators.h b/src/allocators.h
@@ -8,6 +8,7 @@
 #include <string.h>
 #include <string>
 #include <boost/thread/mutex.hpp>
+#include <boost/thread/once.hpp>
 #include <map>
 #include <openssl/crypto.h> // for OPENSSL_cleanse()
 
@@ -34,6 +35,12 @@ template <class Locker> class LockedPageManagerBase
         page_mask = ~(page_size - 1);
     }
 
+    ~LockedPageManagerBase()
+    {
+        assert(this->GetLockedPageCount() == 0);
+    }
+
+
     // For all pages in affected range, increase lock count
     void LockRange(void *p, size_t size)
     {
@@ -117,26 +124,52 @@ class MemoryPageLocker
 /**
  * Singleton class to keep track of locked (ie, non-swappable) memory pages, for use in
  * std::allocator templates.
+ *
+ * Some implementations of the STL allocate memory in some constructors (i.e., see
+ * MSVC's vector<T> implementation where it allocates 1 byte of memory in the allocator.)
+ * Due to the unpredictable order of static initializers, we have to make sure the
+ * LockedPageManager instance exists before any other STL-based objects that use
+ * secure_allocator are created. So instead of having LockedPageManager also be
+ * static-intialized, it is created on demand.
  */
 class LockedPageManager: public LockedPageManagerBase<MemoryPageLocker>
 {
 public:
-    static LockedPageManager instance; // instantiated in util.cpp
+    static LockedPageManager& Instance() 
+    {
+        boost::call_once(LockedPageManager::CreateInstance, LockedPageManager::init_flag);
+        return *LockedPageManager::_instance;
+    }
+
 private:
     LockedPageManager();
+
+    static void CreateInstance()
+    {
+        // Using a local static instance guarantees that the object is initialized
+        // when it's first needed and also deinitialized after all objects that use
+        // it are done with it.  I can think of one unlikely scenario where we may
+        // have a static deinitialization order/problem, but the check in
+        // LockedPageManagerBase's destructor helps us detect if that ever happens.
+        static LockedPageManager instance;
+        LockedPageManager::_instance = &instance;
+    }
+
+    static LockedPageManager* _instance;
+    static boost::once_flag init_flag;
 };
 
 //
 // Functions for directly locking/unlocking memory objects.
 // Intended for non-dynamically allocated structures.
 //
 template<typename T> void LockObject(const T &t) {
-    LockedPageManager::instance.LockRange((void*)(&t), sizeof(T));
+    LockedPageManager::Instance().LockRange((void*)(&t), sizeof(T));
 }
 
 template<typename T> void UnlockObject(const T &t) {
     OPENSSL_cleanse((void*)(&t), sizeof(T));
-    LockedPageManager::instance.UnlockRange((void*)(&t), sizeof(T));
+    LockedPageManager::Instance().UnlockRange((void*)(&t), sizeof(T));
 }
 
 //
@@ -168,7 +201,7 @@ struct secure_allocator : public std::allocator<T>
         T *p;
         p = std::allocator<T>::allocate(n, hint);
         if (p != NULL)
-            LockedPageManager::instance.LockRange(p, sizeof(T) * n);
+            LockedPageManager::Instance().LockRange(p, sizeof(T) * n);
         return p;
     }
 
@@ -177,7 +210,7 @@ struct secure_allocator : public std::allocator<T>
         if (p != NULL)
         {
             OPENSSL_cleanse(p, sizeof(T) * n);
-            LockedPageManager::instance.UnlockRange(p, sizeof(T) * n);
+            LockedPageManager::Instance().UnlockRange(p, sizeof(T) * n);
         }
         std::allocator<T>::deallocate(p, n);
     }
diff --git a/src/crypter.h b/src/crypter.h
@@ -88,16 +88,16 @@ class CCrypter
         // Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)
         // Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
         // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
-        LockedPageManager::instance.LockRange(&chKey[0], sizeof chKey);
-        LockedPageManager::instance.LockRange(&chIV[0], sizeof chIV);
+        LockedPageManager::Instance().LockRange(&chKey[0], sizeof chKey);
+        LockedPageManager::Instance().LockRange(&chIV[0], sizeof chIV);
     }
 
     ~CCrypter()
     {
         CleanKey();
 
-        LockedPageManager::instance.UnlockRange(&chKey[0], sizeof chKey);
-        LockedPageManager::instance.UnlockRange(&chIV[0], sizeof chIV);
+        LockedPageManager::Instance().UnlockRange(&chKey[0], sizeof chKey);
+        LockedPageManager::Instance().UnlockRange(&chIV[0], sizeof chIV);
     }
 };
 
diff --git a/src/util.cpp b/src/util.cpp
@@ -95,8 +95,6 @@ void locking_callback(int mode, int i, const char* file, int line)
     }
 }
 
-LockedPageManager LockedPageManager::instance;
-
 // Init
 class CInit
 {

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,9 @@`
`24`	`24`	`#include <unistd.h> // for sysconf`
`25`	`25`	`#endif`
`26`	`26`
	`27`	`+LockedPageManager* LockedPageManager::_instance = NULL;`
	`28`	`+boost::once_flag LockedPageManager::init_flag = BOOST_ONCE_INIT;`
	`29`	`+`
`27`	`30`	`/** Determine system page size in bytes */`
`28`	`31`	`static inline size_t GetSystemPageSize()`
`29`	`32`	`{`
Original file line number	Diff line number	Diff line change
`@@ -88,16 +88,16 @@ class CCrypter`
`88`	`88`	`// Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)`
`89`	`89`	`// Note that this does nothing about suspend-to-disk (which will put all our key data on disk)`
`90`	`90`	`// Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.`
`91`		`- LockedPageManager::instance.LockRange(&chKey[0], sizeof chKey);`
`92`		`- LockedPageManager::instance.LockRange(&chIV[0], sizeof chIV);`
	`91`	`+ LockedPageManager::Instance().LockRange(&chKey[0], sizeof chKey);`
	`92`	`+ LockedPageManager::Instance().LockRange(&chIV[0], sizeof chIV);`
`93`	`93`	`}`
`94`	`94`
`95`	`95`	`~CCrypter()`
`96`	`96`	`{`
`97`	`97`	`CleanKey();`
`98`	`98`
`99`		`- LockedPageManager::instance.UnlockRange(&chKey[0], sizeof chKey);`
`100`		`- LockedPageManager::instance.UnlockRange(&chIV[0], sizeof chIV);`
	`99`	`+ LockedPageManager::Instance().UnlockRange(&chKey[0], sizeof chKey);`
	`100`	`+ LockedPageManager::Instance().UnlockRange(&chIV[0], sizeof chIV);`
`101`	`101`	`}`
`102`	`102`	`};`
`103`	`103`
Original file line number	Diff line number	Diff line change
`@@ -95,8 +95,6 @@ void locking_callback(int mode, int i, const char* file, int line)`
`95`	`95`	`}`
`96`	`96`	`}`
`97`	`97`
`98`		`-LockedPageManager LockedPageManager::instance;`
`99`		`-`
`100`	`98`	`// Init`
`101`	`99`	`class CInit`
`102`	`100`	`{`